Commit report for master branch

The git bot announce at freeradius.org
Wed Jul 16 00:00:01 CEST 2014


New activity for FreeRADIUS (the high performance and highly configurable RADIUS server)

======
Check BN_rand_range return value

CVE-2014-4733.

In practice, the function should never fail.

jvoisin (via Alan T. DeKok)@2014-07-15T01:37:05Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/52328081b0afb6b756c2bfa15a3c1203a9ec50f3
====== 
Constant time memory comparison.

CVE-2014-4731.

Non-constant time comparisons usually require millions of packets
in order to get enough statistics.  This is VERY hard to do with
WiFi or wired 802.1X.  The delays on switch port open / close
are on the order of seconds.

jvoisin (via Alan T. DeKok)@2014-07-15T01:37:03Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/403722205996c5d536921669d413aa5ae42d0459
====== 
Use *_clear_free instead of *_free.

CVE-2014-4732

jvoisin (via Alan T. DeKok)@2014-07-15T01:37:02Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
	* src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/c272a5cd9cc6c9ba420a2743a395f5ae12633d1f
====== 
-- 
This commit summary was generated @2014-07-16T00:00:01Z by lgfeed version 0.00 (https://github.com/arr2036/lgfeed).


More information about the Freeradius-Devel mailing list